Multi-level multi-tenant cross authorization management method

An authorization management and multi-tenant technology, applied in the fields of electrical digital data processing, instruments, digital data authentication, etc., that can solve problems such as being unable to access the resources of intermediate tenant 2.

Active Publication Date: 2022-02-25
北京天维信通科技股份有限公司

AI Technical Summary

Problems solved by technology

[0004] (1) The organizational relationship between tenants is tree-shaped, and high-level tenants can access the resources of lower-level tenants under their branches. For example, high-level tenant 1 in the figure can access intermediate tenant 1 and the resources of all ordinary tenants under it, but high-level tenant 1 cannot access the resources of intermediate tenant 2;
[0005] (2) Resources among most tenants are still isolated. For example, intermediate tenant 1 in the figure cannot access the resources of intermediate tenant 2.
[0009] Therefore, SD-WAN usage scenarios include a large number of situations that cannot be expressed by the traditional tree structure, so it is necessary to design a more suitable tree structure that takes the various authorization requirements into account.

Examples

Embodiment 1

[0063] As shown in Figure 4, according to one aspect of the present disclosure, a multi-level multi-tenant cross-authorization management method is provided, including the following steps:

[0064] S100. Define several management roles in different organizations, and configure access rights and resources for the management roles;

[0065] This technology first needs to define the basic information of each management role. The configuration of the basic information of the management role includes the configuration of access rights and resources. Through the configuration of access rights and resources, it can be specified:

[0066] Which tenants (organizations) each management role can manage; which resources each management role can access for a specific tenant; which operations each management role can perform on the specific accessible resources of a specific tenant (list, read-only, writable, deletable, etc.).
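The role configuration of S100, combined with the tree rule from [0004], can be sketched as a default-deny check. This is an added example, not code from the patent: the tenant names, the `cpe` resource, the operation names and the rule that a grant on a tenant covers its whole branch are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed tenant tree (child -> parent); all names are hypothetical.
PARENT = {"high-1": None, "high-2": None,
          "mid-1": "high-1", "mid-2": "high-2",
          "tenant-a": "mid-1", "tenant-b": "mid-2"}

# Assumed operation names for "list, read-only, writable, deletable".
OPERATIONS = {"list", "read", "write", "delete"}


def in_branch(tenant, ancestor):
    """True if `tenant` is `ancestor` or sits below it in the tree."""
    while tenant is not None:
        if tenant == ancestor:
            return True
        tenant = PARENT.get(tenant)
    return False


@dataclass
class ManagementRole:
    name: str
    # (tenant, resource) -> allowed operations, as configured in S100.
    grants: dict = field(default_factory=dict)

    def allow(self, tenant, resource, ops):
        ops = set(ops)
        if tenant not in PARENT or not ops <= OPERATIONS:
            raise ValueError("unknown tenant or operation")
        self.grants.setdefault((tenant, resource), set()).update(ops)

    def is_allowed(self, tenant, resource, op):
        # Default deny: a request passes only if some grant covers the
        # target tenant's branch, the resource and the operation.
        return any(in_branch(tenant, g_tenant) and resource == g_res
                   and op in ops
                   for (g_tenant, g_res), ops in self.grants.items())


def build_example_role():
    role = ManagementRole("noc-operator")
    # Classic tree grant: CPE devices of every tenant under high-1.
    role.allow("high-1", "cpe", {"list", "read", "write"})
    # Cross grant into another branch, kept read-only; a single tree
    # rooted at high-1 cannot express this.
    role.allow("mid-2", "cpe", {"list", "read"})
    return role
```

Keeping the cross grant as an explicit entry with its own, narrower operation set makes it easy to audit which roles reach outside their home branch.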

[0067] Such as Figure 5 The information configuratio...

Embodiment 2

[0101] According to another aspect of the present disclosure, an authorization tree is provided. When traversing nodes of the authorization tree, the multi-level multi-tenant cross-authorization management method is implemented.

[0102] The specific structure of the authorization tree, and the specific implementation and application of the multi-level multi-tenant cross-authorization management method of Embodiment 1 when traversing the authorization tree, are described in Embodiment 1 and will not be described in detail in this embodiment.

[0103] In practical applications, since there are multiple users under each tenant, each user may have its own unique authorization tree, and the flattened tenant lists of the authorization trees and their resources and permissions differ, while for the same tenant every user is basically the same. In this case, if a new tenant is introduced, the authorization trees of all roles will be modified in batches, and the workload will be ver...

Embodiment 3

[0108] Based on the technical implementation principles and methods of Embodiments 1 and 2, this embodiment correspondingly proposes a management device that implements the multi-level multi-tenant cross-authorization management method.

[0109] In this embodiment, the functions of each module and the way the modules exchange information are as described in Embodiments 1 and 2, and will not be repeated here.

[0110] In addition, the connection between modules is not limited to wired or wireless.

[0111] According to another aspect of the present disclosure, there is also provided an apparatus for implementing the multi-level multi-tenant cross-authorization management method, including:

[0112] Role definition and configuration module: used to define several management roles in different organizations, and perform access rights and resource configuration on the management roles; mount module: used to select cross-server users who are in different organizations from the m...

Abstract

The invention relates to a multi-level multi-tenant cross authorization management method, which comprises the following steps: defining a plurality of management roles in different organizations, and carrying out access permission and resource configuration on the management roles; selecting cross-server users in different organizations from the management role, and mounting the cross-server users on the management role to form a cross management role; and presetting a role consignment rule, and endowing the cross management role to a user according to the role consignment rule. The cross authorization and resource access of different management nodes can be carried out across organizations, the authorization tree can realize cross authorization management on all tenants, the authorization trees of all roles do not need to be modified in batches for newly introduced tenants, and the workload is very small. According to the invention, on the basis of a plurality of stackable tree-shaped management architectures, a plurality of layers of special management relationships are stacked, and cross authorization of a classical architecture and special requirements is considered, so that a management architecture which cannot be realized by a multi-tenant system of a traditional tree-shaped management architecture can be met.

Description

Technical field

[0001] The present disclosure relates to the technical field of user rights management, and in particular to a multi-level multi-tenant cross-authorization management method, authorization tree and device.

Background technique

[0002] A multi-tenant system means that the same system instance can serve multiple organizations at the same time (each organization is called a tenant). The resources of different organizations are isolated from each other, and organizations cannot directly discover each other.

[0003] In the multi-level multi-tenant system shown in Figure 1, there is an ownership relationship between tenants. This multi-level multi-tenant system generally has the following two characteristics:

[0004] (1) The organizational relationship between tenants is a tree type. High-level tenants can access the resources of lower-level tenants under their branches. 1 cannot access the resources of intermediate tenant 2; [00...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/30
CPC: G06F21/30, G06F2221/2141, G06F2221/2113
Inventor: 张新赵涛刘丹丹
Owner: 北京天维信通科技股份有限公司